Chain Analysis Attacks: A Case Study

1. Introduction: The Adversary

The adversary is a chain analysis firm. Their goal is to deanonymize Bitcoin transactions for their clients (governments, exchanges). Their primary weapon is the Common-Input-Ownership Heuristic, the assumption that all inputs to a single transaction are owned by the same entity. This document will simulate how this adversary attacks users of the three main CoinJoin protocols.

2. Simulation 1: The Naive Whirlpool User

Scenario: Alice wants to anonymize 0.1 BTC. She uses Whirlpool and successfully mixes her UTXO. She now has a fresh, mixed 0.1 BTC UTXO. A week later, she needs to pay 0.15 BTC to a merchant. In her wallet, she has her mixed 0.1 BTC UTXO and a 0.05 BTC UTXO left over as change from a previous, non-private transaction (a "doxxic change" UTXO).

The User's Mistake: Alice is in a hurry. She simply types "0.15 BTC" into her wallet and hits send. Her wallet, not configured for strict privacy, combines the two UTXOs to create the payment.

The Analyst's View:

1. Step 1: Identify the Mix. The analyst easily identifies the 5-input, 5-output Whirlpool transaction on the blockchain. They flag all 5 outputs as "post-mix" with a low confidence score.
2. Step 2: Observe the Spend. The analyst sees one of the 0.1 BTC post-mix outputs being spent. They examine the transaction.
3. Step 3: Apply the Heuristic. The transaction has two inputs: the 0.1 BTC (post-mix) and a 0.05 BTC UTXO. The analyst applies the Common-Input-Ownership Heuristic. They now assume both inputs belong to the same entity.
4. Step 4: Trace the Doxxic Change. The analyst traces the history of the 0.05 BTC UTXO. It leads back to a KYC exchange where Alice bought Bitcoin. The link is now complete.

Visualized Attack:

[KYC Exchange] ---> [Alice's Wallet] ---> [0.05 BTC Doxxic Change]
                                                                  |
                                                                  +---> [Transaction: 0.15 BTC to Merchant]
                                                                  |
[Whirlpool Mix] --> [0.1 BTC Mixed UTXO]--------------------------+

Result: Alice's privacy is completely destroyed. The analyst has linked her KYC identity to her mixed funds and her payment to the merchant.

3. Simulation 2: The Imprecise WabiSabi User

Scenario: Carol uses WabiSabi to mix a significant, arbitrary amount of BTC. She follows good practice and receives several mixed UTXOs. A few days later, she buys a small amount of BTC from a KYC service and sends it to the same wallet, but forgets to label the new UTXO as "unmixed_kyc".

The User's Mistake: Carol wants to pay for a service. Her wallet's coin selection algorithm, to minimize fees, combines one of her large, mixed UTXOs with the small, unmixed KYC UTXO.

The Analyst's View:

1. Step 1: Identify the KYC UTXO. The analyst has already flagged the UTXO coming from the KYC service as belonging to Carol.
2. Step 2: Observe the Spend. The analyst sees the KYC UTXO being spent in a transaction with another, much larger input.
3. Step 3: Apply the Heuristic. The analyst applies the Common-Input-Ownership Heuristic. They now have high confidence that both the KYC UTXO and the large, previously anonymous UTXO belong to Carol.

Result: Carol has deanonymized a significant portion of her mixed funds. The analyst now knows that this large UTXO, which came from a WabiSabi mix, belongs to her.

4. Simulation 3: The Expert JoinMarket User

Scenario: David wants to achieve strong privacy. He uses JoinMarket's tumbler script, which automates a series of CoinJoins with different, random makers over several hours. He sends the mixed coins to a dedicated, clean wallet.

The User's Action: David follows the Post-Mix UTXO Management Guide. When he wants to spend, he uses strict coin control to select a single mixed UTXO and sends the payment. The change from that transaction is labeled and kept separate.

The Analyst's View:

1. Step 1: Observe the Initial Mix. The analyst sees a small CoinJoin transaction. They cannot be sure who initiated it due to JoinMarket's decentralized nature.
2. Step 2: Observe the Chain of Mixes. The analyst sees the output of the first mix move into another, separate CoinJoin a while later. And then another. The trail is a series of small, disconnected hops, not a single, large event.
3. Step 3: The Trail Goes Cold. Because David never combines his mixed UTXOs with each other, and never combines them with unmixed funds, the analyst has no "common input" to anchor their analysis. Each transaction is self-contained. The analyst can see a *pattern* of mixing, but they cannot prove that the same entity controls the funds throughout the entire chain.

Result: The analyst fails. The cost to continue the analysis outweighs the probability of success. David's privacy remains intact.

5. Conclusion: The Perfect Defense

In Simulations 1 and 2, the failure was not with the CoinJoin protocol itself, but with the user's post-mix operational security. The adversary's victory was handed to them by careless wallet management.

The expert user in Simulation 3 demonstrates that the combination of a robust mixing strategy (like JoinMarket's tumbler) and strict, disciplined post-mix UTXO management is the only effective defense.

Following the principles in our Post-Mix UTXO Management Guide is not optional; it is the critical second half of the privacy process. The mix creates the possibility of privacy, but only the user's actions can preserve it.